Windows Shell Command Injection Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: OS (Microsoft) > Windows Shell

Vendors: Microsoft

Windows Shell Command Injection Flaw Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1027230

SecurityTracker URL: http://securitytracker.com/id/1027230

CVE Reference: CVE-2012-0175 (Links to External Site)

Date: Jul 10 2012

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs

Description: A vulnerability was reported in Windows Shell. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially named file or directory that, when loaded by the target user, will execute arbitrary commands on the target system. The commands will run with the privileges of the target user.

Adi Cohen of IBM Security Systems - Application Security reported this vulnerability.

Impact: A remote user can create a file or directory that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=405ce29a-7c97-44de-aed9-4c90cbdaaf1b

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=36fc4c85-fa93-4c6b-b93a-94460e9ba23b

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=1f058336-4a6a-47d0-ad6f-276dc381d1db

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=5b6d6227-8695-4ecb-86e1-bb264f954898

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=563399b3-cb19-40e9-ba9d-0079032c8cee

Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=2e9a4aeb-3f34-483c-ba3a-3141164e9e8a

Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=fe8467e2-8b37-4ec2-ba9f-324918f1f045

Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=6d873c5a-57dc-4792-942e-124ce1a4ec2b

Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=d49e3e7e-910a-4069-b0b0-0987bb9fdde2

Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=ca890b4d-124f-4293-b8d0-69f6302b5189

Windows 7 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=8ab3eadf-9437-4323-8323-87dfd23245fd

Windows 7 for 32-bit Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=8ab3eadf-9437-4323-8323-87dfd23245fd

Windows 7 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=f518f273-b3b9-4cbf-b820-05a1adc79342

Windows 7 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=f518f273-b3b9-4cbf-b820-05a1adc79342

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=d16fa6b9-43aa-4d0f-a230-52664e972ab9

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=d16fa6b9-43aa-4d0f-a230-52664e972ab9

Windows Server 2008 R2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=c9c3b471-4a81-4a44-93ad-674650454c53

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=c9c3b471-4a81-4a44-93ad-674650454c53

Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=6d873c5a-57dc-4792-942e-124ce1a4ec2b

Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=d49e3e7e-910a-4069-b0b0-0987bb9fdde2

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=d16fa6b9-43aa-4d0f-a230-52664e972ab9

Windows Server 2008 R2 for x64-based Systems Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=d16fa6b9-43aa-4d0f-a230-52664e972ab9

A restart is required.

The Microsoft advisory is available at:

http://technet.microsoft.com/en-us/security/bulletin/ms12-048

Vendor URL: technet.microsoft.com/en-us/security/bulletin/ms12-048 (Links to External Site)

Cause: Input validation error

Underlying OS:

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC